Self Signed Certificates are useful for securing the information between web server and the user. A secure connection will be made by encrypting the site’s information. An SSL certificate can reveal the virtual private server’s identification information to the site visitors.
This tutorial will guide you to create and install Self Signed Certificates on Apache for Ubuntu 12.04.
Before setting up the self-signed certificate, make sure that Apache is already installed on your VPS. If not, type in the command to install the package:
sudo apt-get install apache2
Activate SSL Module
Once you have installed apache, next step is to enable SSL on your droplet. You can use the following command for enabling ssl:
sudo a2enmod ssl
Now, let’s restart apache.
sudo service apache2 restart
Creating a New Directory
You have to create a new directory to store the server key and certificate. Use this command to create the directory:
sudo mkdir /etc/apache2/ssl
Creating a Self Signed SSL Certificate
You can create the self-signed SSL certificate and the server key with this command:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
You can specify the validity of the certificate by changing the 365 days to your preference. By default, it expires after one year. The above command will create the self-signed SSL certificate and server key and place them into the newly created directory.
On your terminal screen, you will need to fill in the required information. Enter your domain name or site’s IP address for ‘Common Name’.
You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:StateName Locality Name (eg, city) :CityName Organization Name (eg, company) [Internet Widgits Pty Ltd]:CompanyName Organizational Unit Name (eg, section) :OrganizationName Common Name (e.g. server FQDN or YOUR name) :example.com Email Address :[email protected]
Setting Up the Certificate
Now, you need to set up the virtual hosts to display the new certificate. Open the SSL config for editing.
Search for the line ‘VirtualHost _default_:443’ and make the following changes.
- The DocumentRoot and ServerName lines have to be uncommented.
- Replace example.com with your DNS approved domain name or IP address.
- Search for the last three lines of the snippet and update them accordingly.
Is should look like this:
<VirtualHost _default_:443> ServerAdmin [email protected] DocumentRoot /var/www/html ServerName www.example.com ServerAlias example.com SSLEngine on SSLCertificateFile /etc/apache2/ssl/apache.crt SSLCertificateKeyFile /etc/apache2/ssl/apache.key </VirtualHost>
Now, save and exit out of the file.
Activate the New Virtual Host
Enable your virtual host using the command;
sudo a2ensite default-ssl
Now, you need to restart and reload apache in order to bring in all the changes in place.
sudo service apache2 reload
You are done. Verify by typing https://youraddress in your browser to view the created certificate.